<?php
session_start();

$self   = $_SERVER['PHP_SELF'];

if (!$_SESSION['auth']) {
	echo "Please <a href=\"login_form.php\">log in</a> to the MoDD website.";
	echo "</body></html>";
	
	exit();
}

include_once("db_login.php");
$cnx = connect_to_db();
if (!$cnx) {
	die("Couldn't connect to database: " . mysql_error());
}


?> 


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="moddweb.css" rel="stylesheet" type="text/css">

<script type="text/javascript">

<!-- Begin
function validatePwd() {
	
	var invalid = " "; // Invalid character is a space
	var minLength = 6; // Minimum length
	var pw1 = document.myForm.passwd_1.value;
	var pw2 = document.myForm.passwd_2.value;
		
	// check for a value in both fields.
	if (pw1 == '' || pw2 == '') {	
		alert('Please enter your password twice.');
		return false;
	}

	// check for spaces
	if (document.myForm.passwd_1.value.indexOf(invalid) > -1) {
		alert("Sorry, spaces are not allowed.");
		return false;
	}
	
	if (pw1 != pw2) {
		alert ("Passwords don't match. Please re-enter the same password twice.");
		return false;
	}
	else {
		return true;
	}

}
// END -->

</script>


<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Change password</title>
</head>

<body>

<?php

$username = $_SESSION['username'];
$uid      = $_SESSION['uid'];

echo "<h3>Password change form</h3>";

if (isset($_POST["submit"])) {

	$error = false;
	$message = "";

	$query = "SELECT password FROM user WHERE user_id=$uid";
	$res   = $cnx->query($query);
	$data  = $res->fetchRow();
	
	$stored_password = $data[0];

	if ( strcmp($_POST['username'], $username) != 0 ) {
		$message = "Invalid username. Please try again.";
		$error = true;
	}
	
	if ( strcmp($stored_password, $_POST['old_passwd']) != 0) {
		$message = "The old password you entered is invalid. Please try again.";
		$error = true;
	}
	else {
		$query = "UPDATE user SET password=\"$_POST[passwd_1]\" WHERE user_id=$uid";
		$res   = $cnx->query($query);
		if (DB::isError($res)) {
			$message = "Database error while updating password.";
			$error = true;
		}
		$message = "Your password has been successfully updated!";
	}

	if ($error) {
		echo("<font color=\"red\">$message</font><br /><br />\n");
		render_form();
	}
	else {
		echo ($message .  "<br /><br />");
		echo ("<a href=\"login_form.php\">Log in</a> to the MoDD website using your new " .
			  "password.");
		session_destroy();
	}


}
else {
	render_form();
}

?>



<?php

function render_form() {

	global $self;

	//echo "Hello, $_SESSION[name]. You can change your password here<br />.";

	$hello = "HELLO";

	echo('<form name=myForm method="POST" action="'.$self.'" onsubmit="' . "return validatePwd();" . 
		 '">' .
	'<table>' .
	'<tr><td ALIGN="right"><label>Username:</label></td> <td><input type="text" name="username"></td></tr>' .
	'<tr><td ALIGN="right"><label>Old password:</label></td> <td><input type="password" name="old_passwd"></td></tr>' .
	'<tr><td ALIGN="right"><label>New password:</label></td> <td><input type="password" name="passwd_1"></td></tr>' .
	'<tr><td ALIGN="right"><label>Verify new password:</label></td> <td><input type="password" name="passwd_2"> </td></tr>' .
	'<tr><td>&nbsp;</td><td ALIGN="right"><input type="submit" name="submit" value="Change password"></td></tr>' .
	'</table>' .
	'</form>'
	);
}


?> 


</body>
</html>
